| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: jeff.t.parker at hp.com (Parker, Jeff (MSE)) Subject: OT but related. Yes, I've signed on to this list only 2 days ago and have noticed the very same cross-posting. Case in point: My group uses Update Expert - I noticed, determined and documented how & why it fails to successfully roll up Win2K SP4 and MS03-026. I sent this information to Russ (NTBugtraq's editor & moderator) and he posted it. Crazy enough, this info shows up a few hours later from Paul Schmehl's as his posting "Patching Networks redux." Wording is pretty much identical. Let me be the first to cite Russ's actual (original) posting: *********************** FYI, it is worth reminding people that some patch checking tools don't do a complete check. Windows Update doesn't check files, and it would seem that other products have problems also. Some tools only check for the presence of a registry key indicating that a hotfix was applied. Other tools, such as Shavlik's HFNetchk and MBSA (and others) actually check file details, including a checksum, to verify that the files in play are actually the right versions. I was speaking with Jeff.t.Parker @ hp.com about this issue. His observations confirm this (see below). If patched files are reverted to previous versions, for whatever reason, Windows Update and (at least in this case) Update Expert (and possibly other such tools) will incorrectly assert you have the patch applied when in fact you don't. He wrote in to advise that Update Expert (v6.0 build 6069) is giving erroneous results at least in some cases. After applying SP4 concurrently with MS03-026 (using Update Expert), Jeff noticed some interesting results. The resulting versions of the files contained in MS03-026 on some machines were; 5.0.2195.6692 ole32.dll 5.0.2195.6701 rpcrt4.dll 5.0.2195.6702 rpcss.dll This led to Windows Update and Update Expert both reporting that the systems had MS03-026 applied (wrong). MBSA and eEye's Retina both said the systems *did not* have MS03-026 applied (right). While this may be a problem with the way Update Expert deploys Service Pack + Hotfix combinations, it also demonstrates the problem Windows Update has by not being able to examine file details (relying only on registry entries). How many systems are out there now who believe they have MS03-026 applied, can't get it offered to them from Windows Update, but in fact don't have it applied at all?? *********************** -Jeff @ HP -----Original Message----- From: John.Airey@...b.org.uk [mailto:John.Airey@...b.org.uk] Sent: Wednesday, July 30, 2003 4:35 AM To: full-disclosure@...ts.netsys.com Subject: RE: [Full-Disclosure] OT but related. Your questions are intriguing. Anyone who answers the first yes can't answer any of the others. I subscribed to bugtraq before this list was created. Then it was bought up and posts started getting dropped. My own posts were dropped without reason (in some cases they cleared up FUD, which is therefore clearly not a priority for the new owner). I've observed recently that some of the posts that make it to this list are appearing on bugtraq too. So I'm having to delete the same rubbish twice in some cases. What I'm finding annoying though is that somehow there is cross-posting between the lists, such that I receive at least six copies of every Red Hat security notice, when I should only receive two. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk The trouble with post-modernism isn't just that no-one actually believes in it, but no-one can believe in it. > -----Original Message----- > From: Darren Reed [mailto:avalon@...igula.anu.edu.au] > Sent: 29 July 2003 18:34 > To: full-disclosure@...ts.netsys.com > Subject: [Full-Disclosure] OT but related. > > > > I'm curious to know, does anyone subscribe to full-disclosure BUT NOT > bugtraq ? Is there any material that currently appears on > bugtraq that > never appears on full-disclosure ? Is there anything that owners of > full-disclsoure could do to bridge that gap, if it exists ? > > My personal current evaluation of the two lists is tending > towards bugtraq > being irrelevant, these days as it becomes more of a > vendor-announce list > (especially for Linux) than a useful forum to particpate in. > > Cheers, > Darren > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists